Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Iphone Security Technology

Apple's iPhone Spyware Problem Is Getting Worse (wired.com) 60

An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based inIndia, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous.
There are a number of ways to protect yourself against spyware and zero-click exploits in particular:

1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.
This discussion has been archived. No new comments can be posted.

Apple's iPhone Spyware Problem Is Getting Worse

Comments Filter:
  • by kmoser ( 1469707 ) on Monday May 06, 2024 @10:36PM (#64452988)
    With all the known compromised machines to analyze, why can't Apple figure out how this spyware got in and plug the leak(s)?
    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Tuesday May 07, 2024 @07:29AM (#64453586)

      With all the known compromised machines to analyze, why can't Apple figure out how this spyware got in and plug the leak(s)?

      There aren't many. These attacks generally only affect a few hundred people. And Apple is warning people because they see strange access patterns coming from their phones to their servers.

      Apple doesn't have the malware or the devices in hand to analyze them (and fix the holes) - they only noticed that some odd access patterns were happening and notified users.

      To track them down Apple would need a copy of the malware and likely the events triggering it (e.g., text message). They likely have none of that. I mean they probably could, but that would me having people to surrender their phone to Apple for analysis, which also means giving Apple all the data contained within. Chances are good that the people involved would be wary of what happens to their data.

      So no, Apple can't go after them because Apple basically doesn't have the malware to analyze. And the people who can give it to them are likely people who can't give it to them.

      • by kmoser ( 1469707 )
        > These attacks generally only affect a few hundred people. In the right hands, this exploit could affect pretty much every iPhone owner out there, so Apple has lots of incentive to stop this.

        I find it hard to believe that Apple has not been able to find one owner of an exploited phone who is willing to turn in the device for analysis, especially considering it would all but ensure a fix.
    • "all the known compromised machines to analyze"

      How many were compromised? Were there any that were actually compromised?

      Are there any "unplugged leaks" relevant to the topic?

      If a vulnerability were identified and fixed, would you not then be able to identify continuing attempts to exploit it by those who don't know that it has been fixed?

    • They already have. What makes you think they haven't? Oh, yeah, that train wreck of an article.
    • I mean that would not be the first time, see cisco etc...
    • by gweihir ( 88907 )

      Cost. Obviously, Apple could do much better. But in the end, they are just after profits, like all commercial software makers.

  • Throw It Away. (Score:5, Insightful)

    by zenlessyank ( 748553 ) on Monday May 06, 2024 @11:35PM (#64453052)

    Problem solved.

    Next issue?

    • Re: (Score:2, Insightful)

      by AmiMoJo ( 196126 )

      A smartphone is somewhat vital for a lot of people these days. Needed to work, to keep in contact with friends and family etc. So it's not enough to say just throw it away, you need to offer a viable alternative.

      In case it wasn't clear, becoming a hermit isn't viable.

      • It's increasingly required as a 2nd factor authentication device for banking, doing taxes etc.
      • Re: (Score:3, Insightful)

        by zenlessyank ( 748553 )

        Um, you are kidding, right? No one said shit about not having a smart phone. Throw the APPLE phone away and go with an android.

        • by AmiMoJo ( 196126 )

          Fair enough, if we are acknowledging that Android is a more secure platform with less of an issue with spyware. Was that the point?

          • The point is that Android gives the user and developer more control over an issue that is ongoing. And also I am a long time Apple hater for being a proprietary shitbag company for many decades.

            • by nasch ( 598556 )

              What good is more control against such a sophisticated attack - unless the user happens to be an IT security professional?

          • Sure, if you want to acknowledge a falsehood as truth, go ahead. For you that's par for the course.
      • Yes, the real solution is to stop playing mobile games on the same device you use to access your bank account. Too bad the smartphone vendors build their platforms that way on purpose, because that's where the money is.

        • by AmiMoJo ( 196126 )

          Is it really beyond the wit of man to design an OS that allows you to run multiple applications safely?

  • by sonoronos ( 610381 ) on Monday May 06, 2024 @11:58PM (#64453080)

    This story is very obviously an advertisement for whatever âoeAccess Nowâ and their services are.

    Itâ(TM)s hard to tell these days what is or isnâ(TM)t a legitimate service. My guess is that this non-profit is actively engaged in trying to gather stories about people being affected by what they believe is electronic censorship, tracking, or whatever, and then republish those stories as a form of advertisement.

    I wonder how much it costs to run a story like this on all the tech media outlets? Are we just reading ads, paid for by other ads at this point?

    • Have to agree. Writing and publishing is the lifeblood of the attention economy... we need topics to capture your attention.. lets find one that is nice and scary. Advertisers/writers/publishers are a self perpetuating symbiosis. If you peel back the self service, you might find the seed of an idea though.
  • by Anonymous Coward

    Restart Devices Daily

    Fix Or Reboot Daily.

  • 8. (Score:1, Offtopic)

    by Vranitzky ( 5222955 )
    8. Stop voting for dictators. I'm not surprised this is happening in India
  • by Canberra1 ( 3475749 ) on Tuesday May 07, 2024 @02:05AM (#64453188)
    Weeks have passed. Apple knows of the extent roughly. We know they recently claimed to have 'managed' the one recently fully disclosed by Kaspersky where Apple hardware had MMIO bypasses in its own silicon. Apple has their own hardware logic analyzer and iPhone simulator to nail this. One gets the feeling they don't want to fix the problem, until an alternate 'State Actor overlord bypass' has been distributed. The bad news for Apple, is that many, many eyes are on the undocumented MMIO tables, and people will be writing security violation routines just to test if their phone has been borked.
  • by thesjaakspoiler ( 4782965 ) on Tuesday May 07, 2024 @03:24AM (#64453308)

    A company that still thinks it's all about design doesn't spend much time on security.

  • Consumers suck... (Score:3, Informative)

    by bleedingobvious ( 6265230 ) on Tuesday May 07, 2024 @03:28AM (#64453312)

    ...and you *cannot* fix stupid at the OS level. At best, you can provide a seatbelt.

  • by ugen ( 93902 ) on Tuesday May 07, 2024 @05:00AM (#64453432)

    Problem is - Apple does not differentiate between security updates and general/feature updates. In order to get the most up to date product security, I must also subject myself to feature bloat, unnecessary interface changes (to justify UI designer and PM pay), potential incompatibility and loss of application functionality and, finally, predictable reduction in performance (due to progressive code bloat).

    So, as many users, I avoid upgrading iOS unless absolutely necessary. If Apple actually cares about security, they should fully separate security updates from the general/feature system upgrades, at least for the duration of every major iOS release (and, preferably, a few years after - certainly for the duration of any device that initially came with any given iOS version). Other OS makers are able to do so with resources far below those of Apple.

    I am guessing that Apple specifically conflates the two, because it can use the incentive of security to force users to accept whaever new features it wants to introduce. While I am an Apple product user (and plan to remain one), this is something I don't really like.

    • That is wholly and factually incorrect. For at least the last year and a half to two years, Apple has baked in three separate release channels for iOS, iPadOS, and MacOS devices: OS Updates, Security Responses & System Files, and Beta Updates. Several times since then, Apple has released "Security Responses & System Files" updates that were completely separate from standard OS updates. They intentionally created this feature as a response to the original Pegasus attacks.
      • by ugen ( 93902 )

        If they did, as a regular iOS user I am unable to see it. My system only offers me full updates (very explicitly marked and pushed on me). I see no offer of security updates. They may exist somewhere in the Apple specific world, if one were to go actively searching, but for purposes of an average user they might as well not.

  • PRISM (Score:1, Interesting)

    by Anonymous Coward

    Does this have anything to do with Apple being part of the NSA's PRISM program?

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...